GRC Reference Templates

GRC Library has created a variety of reference templates based on compliance documents for your convenience.
These templates include the Compliance Controls Checklist, Risk and Control Self-Assessment (RCSA), Policy templates, and more. You can click the link below to access and download the templates.


Policy Template
1. Communication Policy for ICT Risk Management
2. Cyber Threat Information Sharing Policy
3. Data Backup and Recovery Policy
4. ICT Business Continuity Policy
5. ICT Incident Response Policy
6. ICT Monitoring and Evaluation Policy
7. ICT Risk Management Framework Policy
8. ICT Security Policy
9. Operational Resilience Testing Policy
10. Third-Party Service Provider ICT Risk Management Policy


EUR-Lex Checklist
Digital Operational Resilience Act - Regulation (EU) 2022/2554 Controls Checklist


EUR-Lex RCSA
Digital Operational Resilience Act - Regulation (EU) 2022/2554 RCSA Template


Digital Operational Resilience Act - Regulation (EU) 2022/2554

Name: Digital Operational Resilience Act - Regulation (EU) 2022/2554

This act is important as it aims to improve the resilience of financial systems against digital and ICT-related risks, thus safeguarding the integrity and stability of financial services across the EU. It sets the groundwork to harmonize practices in managing ICT risks, incident reporting, and resilience testing, ultimately enhancing consumer trust and market confidence.

Target Audience:

  • Financial Entities
  • Regulatory Authorities

Key Points:

  • ICT Risk Management: Establishes requirements for financial entities to manage risks related to information and communication technology, ensuring that they have robust systems in place to prevent, detect, and respond to ICT-related incidents.
  • Incident Reporting: Streamlines the incident reporting frameworks for financial entities to ensure timely communication of major ICT-related incidents to regulatory authorities.
  • Digital Operational Resilience Testing: Maintains requirements for regular testing of entities' digital operational resilience, facilitating early identification of vulnerabilities in their ICT systems.
  • Oversight of Critical ICT Third-Party Providers: Establishes an oversight framework for managing the risks posed by critical ICT third-party service providers to ensure that they maintain adequate security and response measures.
  • Harmonization across Member States: Aims to eliminate divergences in how ICT risks are managed across the EU, promoting a unified framework that supports the single market for financial services.

Related Regulations or Articles:

  • Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union: This regulation complements Directive (EU) 2022/2555, which focuses on cybersecurity, by specifically addressing the operational resilience of financial entities in the context of ICT risks and creating synergies between cybersecurity measures and operational risk management.
  • Regulation (EU) 2016/1148 concerning measures for a high common level of security of network and information systems: The regulation builds upon and enhances the existing requirements set under Regulation (EU) 2016/1148, ensuring that financial entities exhibit heightened operational resilience against ICT threats.

Reference URL: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32022R2554

Updated: 2024-08-04 21:09:46
Created: 2024-08-04 21:09:46
** Warning: The above information is AI assisted information for your reference. Inaccurate information may appear.
Please double-check the information before use and report any issues using the contact us form.
** GRC Library does not contain any copyrighted materials (like ISO, CIS, NIST, etc.).
If you would like to read this kind of document, please visit the corresponding site for more information.
GRC Library © 2025 (Powered by AI Technologies)